10. The Boundaries of Cybersecurity: Ethics, Rights, and Laws 279

10.3.2 State Laws

In addition to federal laws, every state in the union has anti-hacking laws. In many cases, state laws are more specific than federal laws because it is typically easier for states to pass legislation than it is for the federal government. State laws are important for cybersecurity professionals because jurisdiction in cyberspace is defined liberally; for example, a computer hacker operating in Ohio breaking into a computer located in California can run afoul of the laws not only in those two states, but in every state in between through which the network traffic flows! It is possible to be charged with violating multiple different states' laws in addition to federal laws. Ethical hackers in particular need to be well versed in all applicable state laws.

For example, in the state of Ohio, the Ohio Revised Code Section 2913.04 defines crimes involving the “unauthorized use of computer, cable, or telecommunications property.” In part, it states, “No person, in any manner and by any means, including, but not limited to, computer hacking, shall knowingly gain access to, attempt to gain access to, or cause access to be gained to any computer, computer system, computer network…” This provision was added to the law in 2011. Violations of this law could result in up to three years in prison. Because states and the federal government are separate authorities, it is possible to be charged with both state and federal crimes for the same act.

10.3.3 International Laws

“In the face of the [cyber] threat, we must develop capabilities to defend ourselves in a manner that preserves international legal order. At the same time, it is the responsibility of the international community to ensure that peace, security, and stability are maintained, and that [cyber] capabilities are only used in accordance with international law.”
- Tallinn Manual 2.0 by the International Groups of Experts

There are international laws that govern nation state conflict and warfare. In this context, the term state refers to a sovereign nation. The most important of these laws date to the early twentieth century and to the period immediately following World War II (WWII). They have been agreed on by most of the developed countries in the modern world. The context for these laws is obviously pre-Internet, but the principles apply in cyberspace because it is possible for nations to inflict harm on one another in and through cyberspace.

As we learned in Section 3.1.1.2, the United States Constitution provides the legal authorities and boundaries for conducting cyber operations. Title 50 covers signals intelligence (SIGINT) and Title 10 covers military activity. These types of activity that cross the United States border are also governed by international laws.

When a state conducts a cyber operation that affects another state, two main principles of law apply: jus ad bellum and jus in bello (jus is pronounced “yuse”). Both are Latin terms, and they mean “right to